Latest News

Threat Profile: Knowing yours is the first step to improving online security

Healthy dose of paranoia is a good thing with it comes to online security. The fact is, indeed, there are “out to get you” when you are connected to the Internet. But rather than sit in fear and anxiety, you can take effective steps to mitigate your risk, and the first step is to conceptualize your potential attackers with a thoughtful examination of your threat profile.
If these concepts sound scary and dangerous, it might help to treat it like a game, or, as I like to do, treat it like you are the star of your own James Bond movie. It is kind of fun to think of hackers as classic Bond villains. You have a secret that they are trying to get, and you must prevent them to save the world.

Two things comprise your threat profile: threat actors and their attack vectors. Simply stated, threat actors are who might attack you, and attack vectors are how they might attack you.
You can start building your threat profile by first dividing threat actors into two categories: people you know and people you don’t know. An example of a known threat actor might be a disgruntled ex-employee. Dealing with known threat actors requires actions and planning that is specific to the given circumstances, including issues of physical security. Most of us don’t have known people who pose a threat to us, but all of us have unknown threat actors who are lurking on the Internet.
Unknown threat actors can be placed into three broad categories: incompetent criminals, professional criminals, and state actors.

Incompetent criminals are fairly easy to identify. They are the ones who spam email full of misspellings and offer get-rich-quick schemes that are so obviously scams. Most of us are well aware of what we need to do to minimize our risk from incompetent criminals. For example, don’t open email attachments and click on links in such emails.